In 'Validate Certificate Assertion' documentation there is this disclaimer:
A valid certificate does not ensure authentication. In other words, the Gateway does not
check to ensure that the user possesses a private key.
However if one runs this assertions against ${request.ssl.clientCertificate} then it can be sure that client possesses the private key related to certificate in ${request.ssl.clientCertificate}. Am I right?
However what does the Validate Certificate Assertion really do? Does it only check that subject&issuer path goes to trust anchor, or does it validate certificates signatures are OK (meaning certificates are not fake) while going along the path to trust anchor?